Question No: 91 – (Topic 3)

Intercepting traffic intended for a target and redirecting it to another

Spoofed VLAN tags used to bypass authentication

Forging tags to bypass QoS policies in order to steal bandwidth

Answer: A Explanation:

The Smurf Attack is a distributed denial-of-service attack in which largenumbers of Internet Control Message Protocol (ICMP) packets with the intended victim#39;s spoofed source IP are broadcast to a computer network using an IP Broadcast address.

Most devices on a network will, by default, respond to this by sending a reply to the source

IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim#39;s computer will be flooded with traffic. This can slow down the victim#39;s computer to the point where it becomes impossible towork on.

Question No: 92 – (Topic 3)

A company wants to make sure that users are required to authenticate prior to being allowed on the network. Which of the following is the BEST way to accomplish this?

A. 802.1x

B. 802.1p

Single sign-on

Kerberos

Answer: A Explanation:

For security purposes, some switchesrequire users to authenticate themselves (that is, provide credentials, such as a username and password, to prove who they are) before gaining access to the rest of the network. A standards-based method of enforcing user authentication is IEEE 802.1X.

Question No: 93 – (Topic 3)

A network technician has been tasked to configure a new network monitoring tool that will examine interface settings throughout various network devices. Which of the following would need to be configured on each network device to provide that information in a secure manner?

S/MIME

SYSLOG

PGP

SNMPv3

RSH

Answer: D Explanation:

The network monitoring need to use a network management protocol. SNMP has become the de facto standard of network management protocols. The securityweaknesses of SNMPv1 and SNMPv2c are addressed in SNMPv3.

Question No: 94 – (Topic 3)

A technician is installing a surveillance system for a home network. The technician is unsure which ports need to be opened to allow remote access to the system. Which of the

following should the technician perform?

Disable the network based firewall

Implicit deny all traffic on network

Configure a VLAN on Layer 2 switch

Add the system to the DMZ

Answer: D Explanation:

By putting the system in the DMZ (demilitarized zone) we increasethe security, as the system should be opened for remote access.

A DMZ is a computer host or small network inserted as a quot;neutral zonequot; between a company#39;s private network and the outside public network. It prevents outside users from getting direct accessto a server that has company data. A DMZ often contains servers that should be accessible from the public Internet.

Question No: 95 – (Topic 3)

Which of the following types of network would be set up in an office so that customers could access the Internet but not be given access to internal resources such as printers and servers?

Quarantine network

Core network

Guest network

Wireless network

Answer: C Explanation:

A wireless guest network could be set up so that it haslimited access (no access to local resources) but does provide Internet access for guest users.

Question No: 96 – (Topic 3)

An organization notices a large amount of malware and virus incidents at one satellite office, but hardly any at another. All users at both sites are running the same company image and receive the same group policies. Which of the following has MOST likely been implemented at the site with the fewest security issues?

Consent to monitoring

Business continuity measures

Vulnerability scanning

End-user awareness training

Answer: D Explanation:

Users should have security awareness training and should have all accepted and signed

acceptable usepolicy (AUP) agreements. User awareness training is one of the most significant countermeasures the company can implement.

Question No: 97 – (Topic 3)

A wireless network technician for a local retail store is installing encrypted access points within the store for real-time inventory verification, as well as remote price checking capabilities, while employees are away from the registers. The store is in a fully occupied strip mall that has multiple neighbors allowing guest access to the wireless networks. There are a finite known number of approved handheld devices needing to access the store#39;s wireless network. Which of the following is the BEST security method to implement on the access points?

Port forwarding

MAC filtering

TLS/TTLS

IP ACL

Answer: B Explanation:

MAC filtering allows traffic to be permitted or denied based on a device’s MAC address. We make a MAC filtering which contains the MAC addresses of all approved devices that need to access the wireless network. This ensures that only approved devices are given access to the network.

Topic 4, Troubleshooting

Question No: 98 CORRECT TEXT – (Topic 4)

Wireless network users recently began experiencing speed and performance issues after access point 2 (AP2) was replaced due to faulty hardware. The original network was installed according to a consultant#39;s specifications and has always worked without a problem.

You, a network technician, have been tasked with evaluating the situation and resolving the issues to improve both performance and connectivity. Refer to the following diagram and perform any NECESSARY changes to the wireless and wired infrastructure by adjusting devices.

Note: Adjust the LEAST number of devices needed to fix the issue, all blue icons in the image are clickable. When you feel the simulation is complete please select the Done button.

Answer: Here is the solution below.

Explanation:

Since we know that the network was running perfectly before replacing AP2 we should start by looking at this new device thatwas used to replace the old one. Here we see that the other AP’s have hard coded the speed and duplex settings to 100/full, while AP2 is set to auto/auto.

Also, the other AP’s have been configured to use 802.11G, while AP2 is using 802.11B. Finally the channel that AP2 is using overlaps with AP1 which can cause problems.

Channels 1, 6, and 11 are spaced far enough apart that they don’t overlap. On a non- MIMO setup (i.e. 802.11 a, b, or g) you should always try to use channel 1, 6, or 11. Since AP1 is using1, and AP3 is using 11, AP2 should be using 6.

Question No: 99 – (Topic 4)

After repairing a computer infected with malware, a technician determines that the web browser fails to go to the proper address for some sites. Which of the following should be checked?

Server host file

Subnet mask

Local hosts file

Duplex settings

Answer: C Explanation:

The local hosts file is a text file thatcontains hostname-to-IP address mappings. By default, host to IP address mappings that are configured in the Hosts file supersede the information in DNS. If there is an entry for a domain name in the Hosts file, then the server will not attempt to query DNS servers for that name. Instead, the IP address that is configured in the Hosts file will be used. If the IP address corresponding to a name changes and the Hosts file is not updated, you may be unable to connect to the host.

Question No: 100 – (Topic 4)

A user calls the help desk and states that he was working on a spreadsheet and was unable to print it. However, his colleagues are able to print their documents to the same shared printer. Which of the following should be the FIRST question the helpdesk asks?

Does the printer have toner?

Are there any errors on the printer display?

Is the user able to access any network resources?

Is the printer powered up?

Answer: C Explanation:

The user has already provided you with the information relevant to the first step in the 7- step troubleshootingprocess. The next step is to “Question the obvious.” The user has stated: “…his colleagues are able to print their documents to the same shared printer.” The obvious question in this instance is whether the user can access any network resources.